Vulnerability identifier: #VU50379

Vulnerability risk: Low

CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-1136

CWE-ID: CWE-347

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
Cisco 8000 Series Routers
Hardware solutions / Routers & switches, VoIP, GSM, etc
Cisco Network Convergence System 5000 Series
Hardware solutions / Routers & switches, VoIP, GSM, etc

Vendor:

Description

The vulnerability allows a local user to bypass implemented security restrictions.

The vulnerability exists in the signing functions of ISO packaging of Cisco NCS 540 Series Routers, only when running Cisco IOS XR NCS540L software images, and Cisco IOS XR Software for the Cisco 8000 Series Routers. Unsigned script within the ISO image is not verified during system upgrade before it is executed. A local user can execute unsigned code during the boot process on an affected device.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

---

External links
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ioxr-l-zNhcGCBt
http://bst.cloudapps.cisco.com/bugsearch/bug/CSCvs70887

---

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.